A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
A
AAA down policy, NAC Layer 2 IP validation 1-9
abbreviating commands 2-4
ABRs 35-24
AC (command switch) 5-10
access-class command 32-19
access control entries
See ACEs
access-denied response, VMPS 12-28
access groups
applying IPv4 ACLs to interfaces 32-20
Layer 2 32-20
Layer 3 32-20
accessing
clusters, switch 5-13
command switches 5-11
member switches 5-13
switch clusters 5-13
access lists
See ACLs
access ports
and Layer 2 protocol tunneling 16-11
defined 10-3
in switch clusters 5-9
access template 7-1
accounting
with 802.1x 9-32
with IEEE 802.1x 9-8
with RADIUS 8-28
with TACACS+ 8-11, 8-17
ACEs
and QoS 33-7
defined 32-2
Ethernet 32-2
IP 32-2
ACLs
ACEs 32-2
any keyword 32-12
applying
on bridged packets 32-38
on multicast packets 32-39
on routed packets 32-38
on switched packets 32-37
time ranges to 32-16
to an interface 32-19, 38-7
to IPv6 interfaces 38-7
to QoS 33-7
classifying traffic for QoS 33-44
comments in 32-18
compiling 32-21
defined 32-1, 32-7
examples of 32-21, 33-44
extended IP, configuring for QoS classification 33-45
extended IPv4
creating 32-10
matching criteria 32-7
hardware and software handling 32-21
host keyword 32-12
IP
creating 32-7
fragments and QoS guidelines 33-33
implicit deny 32-9, 32-13, 32-15
implicit masks 32-9
matching criteria 32-7
undefined 32-20
IPv4
applying to interfaces 32-19
creating 32-7
matching criteria 32-7
named 32-14
numbers 32-8
terminal lines, setting on 32-18
unsupported features 32-6
IPv6
applying to interfaces 38-7
configuring 38-3, 38-5
displaying 38-8
interactions with other features 38-4
limitations 38-3
matching criteria 38-3
named 38-3
precedence of 38-2
supported 38-2
unsupported features 38-3
Layer 4 information in 32-37
logging messages 32-8
MAC extended 32-26, 33-46
matching 32-7, 32-20, 38-3
monitoring 32-40, 38-8
named, IPv4 32-14
named, IPv6 38-3
names 38-4
number per QoS class map 33-33
port 32-2, 38-1
precedence of 32-2
QoS 33-7, 33-44
resequencing entries 32-14
router 32-2, 38-1
router ACLs and VLAN map configuration guidelines 32-36
standard IP, configuring for QoS classification 33-44
standard IPv4
creating 32-9
matching criteria 32-7
support for 1-8
support in hardware 32-21
time ranges 32-16
types supported 32-2
unsupported features, IPv4 32-6
unsupported features, IPv6 38-3
using router ACLs with VLAN maps 32-36
VLAN maps
configuration guidelines 32-29
configuring 32-28
active links 20-2
active router 39-1
address aliasing 23-2
addresses
displaying the MAC address table 6-26
dynamic
accelerated aging 17-8
changing the aging time 6-21
default aging 17-8
defined 6-19
learning 6-20
removing 6-22
MAC, discovering 6-26
multicast
group address range 41-3
STP address management 17-8
static
adding and removing 6-24
defined 6-19
address resolution 6-26, 35-8
Address Resolution Protocol
See ARP
adjacency tables, with CEF 35-72
administrative distances
defined 35-85
OSPF 35-30
routing protocol defaults 35-74
advanced IP services image 36-1
advertisements
CDP 25-1
LLDP 26-2
RIP 35-19
VTP 12-19, 13-3
aggregatable global unicast addresses 36-3
aggregate addresses, BGP 35-57
aggregated ports
See EtherChannel
aggregate policers 33-59
aggregate policing 1-10
aging, accelerating 17-8
aging time
accelerated
for MSTP 18-23
for STP 17-8, 17-21
MAC address table 6-21
maximum
for MSTP 18-23, 18-24
for STP 17-21, 17-22
alarms, RMON 29-3
allowed-VLAN list 12-21
application engines, redirecting traffic to 40-1
area border routers
See ABRs
ARP
configuring 35-9
defined 1-5, 6-26, 35-8
encapsulation 35-10
static cache configuration 35-9
table
address resolution 6-26
managing 6-26
ASBRs 35-24
AS-path filters, BGP 35-51
asymmetrical links, and IEEE 802.1Q tunneling 16-4
attributes, RADIUS
vendor-proprietary 8-31
vendor-specific 8-29
audience xliii
authentication
EIGRP 35-38
HSRP 39-10
local mode with AAA 8-36
NTP associations 6-4
RADIUS
key 8-21
login 8-23
TACACS+
defined 8-11
key 8-13
login 8-14
See also port-based authentication
authentication failed VLAN
See restricted VLAN
authentication keys, and routing protocols 35-85
authoritative time source, described 6-2
authorization
with RADIUS 8-27
with TACACS+ 8-11, 8-16
authorized ports with IEEE 802.1x 9-7
autoconfiguration 3-3
automatic discovery
considerations
beyond a noncandidate device 5-7
brand new switches 5-9
connectivity 5-4
different VLANs 5-6
management VLANs 5-7
non-CDP-capable devices 5-6
noncluster-capable devices 5-6
routed ports 5-8
in switch clusters 5-4
See also CDP
automatic QoS
See QoS
automatic recovery, clusters 5-10
See also HSRP
auto-MDIX
configuring 10-20
described 10-20
autonegotiation
duplex mode 1-3
interface configuration guidelines 10-17
mismatches 44-11
autonomous system boundary routers
See ASBRs
autonomous systems, in BGP 35-45
Auto-RP, described 41-6
autosensing, port speed 1-3
auxiliary VLAN
See voice VLAN
availability, features 1-6
B
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
support for 1-6
backup interfaces
See Flex Links
backup links 20-2
banners
configuring
login 6-19
message-of-the-day login 6-18
default configuration 6-17
when displayed 6-17
BGP
aggregate addresses 35-57
aggregate routes, configuring 35-57
CIDR 35-57
clear commands 35-60
community filtering 35-54
configuring neighbors 35-55
default configuration 35-42
described 35-42
enabling 35-45
monitoring 35-60
multipath support 35-49
neighbors, types of 35-45
path selection 35-49
peers, configuring 35-55
prefix filtering 35-53
resetting sessions 35-48
route dampening 35-59
route maps 35-51
route reflectors 35-58
routing domain confederation 35-58
routing session with multi-VRF CE 35-67
show commands 35-60
supernets 35-57
support for 1-10
Version 4 35-42
binding cluster group and HSRP group 39-11
binding database
address, DHCP server
See DHCP, Cisco IOS server database
DHCP snooping
See DHCP snooping binding database
bindings
address, Cisco IOS DHCP server 21-6
DHCP snooping database 21-7
IP source guard 21-15
binding table, DHCP snooping
See DHCP snooping binding database
blocking packets 24-7
Boolean expressions in tracked lists 39-14
booting
boot loader, function of 3-2
boot process 3-2
manually 3-13
specific image 3-14
boot loader
accessing 3-14
described 3-2
environment variables 3-14
prompt 3-14
trap-door mechanism 3-2
bootstrap router (BSR), described 41-6
Border Gateway Protocol
See BGP
BPDU
error-disabled state 19-2
filtering 19-3
RSTP format 18-12
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
support for 1-6
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
support for 1-6
bridged packets, ACLs on 32-38
bridge groups
See fallback bridging
bridge protocol data unit
See BPDU
broadcast flooding 35-16
broadcast packets
directed 35-13
flooded 35-13
broadcast storm-control command 24-4
broadcast storms 24-1, 35-13
C
cables, monitoring for unidirectional links 27-1
candidate switch
automatic discovery 5-4
defined 5-3
requirements 5-3
See also command switch, cluster standby group, and member switch
CA trustpoint
configuring 8-45
defined 8-43
caution, described xliv
CDP
and trusted boundary 33-39
automatic discovery in switch clusters 5-4
configuring 25-2
default configuration 25-2
defined with LLDP 26-1
described 25-1
disabling for routing device25-3to 25-4
enabling and disabling
on an interface 25-4
on a switch 25-3
Layer 2 protocol tunneling 16-8
monitoring 25-4
overview 25-1
power negotiation extensions 10-6
support for 1-5
transmission timer and holdtime, setting 25-2
updates 25-2
CEF
defined 35-72
enabling 35-73
IPv6 36-14
CGMP
as IGMP snooping learning method 23-9
clearing cached group entries 41-51
enabling server support 41-34
joining multicast group 23-3
overview 41-9
server support only 41-9
switch support of 1-4
CIDR 35-57
CipherSuites 8-44
Cisco 7960 IP Phone 15-1
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco intelligent power management 10-6
Cisco IOS DHCP server
See DHCP, Cisco IOS DHCP server
Cisco IOS File System
See IFS
Cisco Network Assistant
See Network Assistant
CiscoWorks 2000 1-4, 31-4
CIST regional root
See MSTP
CIST root
See MSTP
classless interdomain routing
See CIDR
classless routing 35-6
class maps for QoS
configuring 33-47
described 33-7
displaying 33-79
class of service
See CoS
clearing interfaces 10-29
CLI
abbreviating commands 2-4
command modes 2-1
configuration logging 2-5
described 1-4
editing features
enabling and disabling 2-7
keystroke editing 2-7
wrapped lines 2-9
error messages 2-5
filtering command output 2-10
getting help 2-3
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
managing clusters 5-15
no and default forms of commands 2-4
client mode, VTP 13-3
client processes, tracking 39-12
clock
See system clock
cluster requirements xlv
clusters, switch
accessing 5-13
automatic discovery 5-4
automatic recovery 5-10
benefits 1-2
compatibility 5-4
described 5-1
LRE profile considerations 5-14
managing
through CLI 5-15
through SNMP 5-15
planning 5-4
planning considerations
automatic discovery 5-4
automatic recovery 5-10
CLI 5-15
host names 5-13
IP addresses 5-13
LRE profiles 5-14
passwords 5-14
RADIUS 5-14
SNMP 5-14, 5-15
TACACS+ 5-14
See also candidate switch, command switch, cluster standby group, member switch, and standby command switch
cluster standby group
and HSRP group 39-11
automatic recovery 5-12
considerations 5-11
defined 5-2
requirements 5-3
virtual IP address 5-11
See also HSRP
CNS 1-5
Configuration Engine
configID, deviceID, hostname 4-3
configuration service 4-2
described 4-1
event service 4-3
embedded agents
described 4-5
enabling automated configuration 4-6
enabling configuration agent 4-9
enabling event agent 4-8
management functions 1-5
Coarse Wave Division Multiplexer
See CWDM SFPs
command-line interface
See CLI
command modes 2-1
commands
abbreviating 2-4
no and default 2-4
commands, setting privilege levels 8-8
command switch
accessing 5-11
active (AC) 5-10
configuration conflicts 44-11
defined 5-2
passive (PC) 5-10
password privilege levels 5-15
priority 5-10
recovery
from command-switch failure 5-10, 44-7
from lost member connectivity 44-11
redundant 5-10
replacing
with another switch 44-9
with cluster member 44-8
requirements 5-3
standby (SC) 5-10
See also candidate switch, cluster standby group, member switch, and standby command switch
community list, BGP 35-54
community ports 14-2
community strings
configuring 5-14, 31-8
for cluster switches 31-4
in clusters 5-14
overview 31-4
SNMP 5-14
community VLANs 14-2, 14-3
compatibility, feature 24-11
config.text 3-12
configurable leave timer, IGMP 23-6
configuration, initial
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
configuration changes, logging 30-10
configuration conflicts, recovering from lost member connectivity 44-11
configuration examples, network 1-15
configuration files
clearing the startup configuration B-19
creating using a text editor B-10
default name 3-12
deleting a stored configuration B-19
described B-8
downloading
automatically 3-12
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
guidelines for creating and using B-9
invalid combinations when copying B-5
limiting TFTP server access 31-16
obtaining with DHCP 3-7
password recovery disable considerations 8-5
specifying the filename 3-12
system contact and location information 31-15
types and location B-9
uploading
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
configuration guidelines, multi-VRF CE 35-64
configuration logger 30-10
configuration logging 2-5
configuration settings, saving 3-11
configure terminal command 10-10
config-vlan mode 2-2, 12-7
conflicts, configuration 44-11
connections, secure remote 8-38
connectivity problems 44-13, 44-15, 44-16
consistency checks in VTP Version 2 13-4
console port, connecting to 2-10
content-routing technology
See WCCP
conventions
command xliv
for examples xliv
publication xliv
text xliv
corrupted software, recovery steps with Xmodem 44-2
CoS
in Layer 2 frames 33-2
override priority 15-6
trust priority 15-6
CoS input queue threshold map for QoS 33-16
CoS output queue threshold map for QoS 33-19
CoS-to-DSCP map for QoS 33-61
counters, clearing interface 10-29
crashinfo file 44-23
critical authentication, IEEE 802.1x 9-36
cryptographic software image
Kerberos 8-32
SSH 8-37
SSL 8-42
customer edge devices 35-62
CWDM SFPs 1-21
D
daylight saving time 6-13
debugging
enabling all system diagnostics 44-20
enabling for a specific feature 44-19
redirecting error message output 44-20
using commands 44-19
default commands 2-4
default configuration
802.1x 9-21
auto-QoS 33-21
banners 6-17
BGP 35-42
booting 3-12
CDP 25-2
DHCP 21-8
DHCP option 82 21-8
DHCP snooping 21-8
DHCP snooping binding database 21-9
DNS 6-16
dynamic ARP inspection 22-5
EIGRP 35-34
EtherChannel 34-9
Ethernet interfaces 10-14
fallback bridging 43-4
Flex Links 20-4, 20-5
HSRP 39-5
IEEE 802.1Q tunneling 16-4
IGMP 41-29
IGMP filtering 23-25
IGMP snooping 23-7, 37-5, 37-6
IGMP throttling 23-25
initial switch information 3-3
IP addressing, IP routing 35-4
IP multicast routing 41-10
IP source guard 21-16
IPv6 36-9
Layer 2 interfaces 10-14
Layer 2 protocol tunneling 16-11
LLDP 26-3
MAC address table 6-21
MAC address-table move update 20-5
MSDP 42-4
MSTP 18-14
multi-VRF CE 35-64
MVR 23-20
NTP 6-4
optional spanning-tree configuration 19-9
OSPF 35-25
password and privilege level 8-2
PIM 41-10
private VLANs 14-6
RADIUS 8-20
RIP 35-19
RMON 29-3
RSPAN 28-9
SDM template 7-3
SNMP 31-7
SPAN 28-9
SSL 8-44
standard QoS 33-31
STP 17-11
system message logging 30-3
system name and prompt 6-15
TACACS+ 8-13
UDLD 27-4
VLAN, Layer 2 Ethernet interfaces 12-19
VLANs 12-8
VMPS 12-29
voice VLAN 15-3
VTP 13-6
WCCP 40-5
default gateway 3-10, 35-11
default networks 35-75
default routes 35-75
default routing 35-2
deleting VLANs 12-10
denial-of-service attack 24-1
description command 10-24
designing your network, examples 1-15
destination addresses
in IPv4 ACLs 32-11
in IPv6 ACLs 38-5
destination-IP address-based forwarding, EtherChannel 34-7
destination-MAC address forwarding, EtherChannel 34-7
detecting indirect link failures, STP 19-5
device B-19
device discovery protocol 25-1, 26-1
device manager
benefits 1-2
described 1-2, 1-4
in-band management 1-5
requirements xliv
upgrading a switch B-19
DHCP
Cisco IOS server database
configuring 21-14
default configuration 21-9
described 21-6
enabling
relay agent 21-10
server 21-10
DHCP-based autoconfiguration
client request message exchange 3-4
configuring
client side 3-3
DNS 3-6
relay device 3-6
server side 3-5
server-side 21-10
TFTP server 3-6
example 3-8
lease options
for IP address information 3-5
for receiving the configuration file 3-5
overview 3-3
relationship to BOOTP 3-4
relay support 1-5, 1-11
support for 1-5
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 21-5
configuration guidelines 21-9
default configuration 21-8
displaying 21-15
forwarding address, specifying 21-11
helper address 21-11
overview 21-3
packet format, suboption
circuit ID 21-5
remote ID 21-5
remote ID suboption 21-5
DHCP snooping
accepting untrusted packets form edge switch 21-3, 21-12
and private VLANs 21-13
binding database
See DHCP snooping binding database
configuration guidelines 21-9
default configuration 21-8
displaying binding tables 21-15
message exchange process 21-4
option 82 data insertion 21-3
trusted interface 21-2
untrusted interface 21-2
untrusted messages 21-2
DHCP snooping binding database
adding bindings 21-14
binding file
format 21-7
location 21-7
bindings 21-7
clearing agent statistics 21-15
configuration guidelines 21-10
configuring 21-14
default configuration 21-8, 21-9
deleting
binding file 21-14
bindings 21-15
database agent 21-14
described 21-7
displaying 21-15
binding entries 21-15
status and statistics 21-15
enabling 21-14
entry 21-7
renewing database 21-15
resetting
delay value 21-14
timeout value 21-14
DHCP snooping binding table
See DHCP snooping binding database
Differentiated Services architecture, QoS 33-2
Differentiated Services Code Point 33-2
Diffusing Update Algorithm (DUAL) 35-33
directed unicast requests 1-5
directories
changing B-3
creating and removing B-4
displaying the working B-3
discovery, clusters
See automatic discovery
Distance Vector Multicast Routing Protocol
See DVMRP
distance-vector protocols 35-3
distribute-list command 35-84
DNS
and DHCP-based autoconfiguration 3-6
default configuration 6-16
displaying the configuration 6-17
in IPv6 36-4
overview 6-15
setting up 6-16
support for 1-5
documentation, related xliv
document conventions xliv
domain names
DNS 6-15
VTP 13-8
Domain Name System
See DNS
dot1q-tunnel switchport mode 12-18
double-tagged packets
IEEE 802.1Q tunneling 16-2
Layer 2 protocol tunneling 16-10
downloading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-13
using RCP B-17
using TFTP B-11
image files
deleting old image B-23
preparing B-22, B-25, B-29
reasons for B-19
using CMS 1-3
using FTP B-26
using HTTP 1-3, B-19
using RCP B-30
using TFTP B-22
using the device manager or Network Assistant B-19
drop threshold for Layer 2 protocol packets 16-11
DSCP 1-9, 33-2
DSCP input queue threshold map for QoS 33-16
DSCP output queue threshold map for QoS 33-19
DSCP-to-CoS map for QoS 33-64
DSCP-to-DSCP-mutation map for QoS 33-65
DSCP transparency 33-40
DTP 1-7, 12-17
DUAL finite state machine, EIGRP 35-34
dual IPv4 and IPv6 templates 7-2, 36-1, 36-8
dual protocol stacks
configuring 36-12
IPv4 and IPv6 36-7
SDM templates supporting 36-8
dual-purpose uplinks
defined 10-6
LEDs 10-6
link selection 10-6
setting the type 10-16
DVMRP
autosummarization
configuring a summary address 41-48
disabling 41-50
connecting PIM domain to DVMRP router 41-41
enabling unicast routing 41-44
interoperability
with Cisco devices 41-39
with Cisco IOS software 41-8
mrinfo requests, responding to 41-43
neighbors
advertising the default route to 41-43
discovery with Probe messages 41-39
displaying information 41-43
prevent peering with nonpruning 41-46
rejecting nonpruning 41-45
overview 41-8
routes
adding a metric offset 41-50
advertising all 41-50
advertising the default route to neighbors 41-43
caching DVMRP routes learned in report messages 41-44
changing the threshold for syslog messages 41-47
deleting 41-51
displaying 41-52
favoring one over another 41-50
limiting the number injected into MBONE 41-47
limiting unicast route advertisements 41-39
routing table 41-9
source distribution tree, building 41-9
support for 1-11
tunnels
configuring 41-41
displaying neighbor information 41-43
dynamic access ports
characteristics 12-3
configuring 12-30
defined 10-3
dynamic addresses
See addresses
dynamic ARP inspection
ARP cache poisoning 22-1
ARP requests, described 22-1
ARP spoofing attack 22-1
clearing
log buffer 22-15
statistics 22-15
configuration guidelines 22-6
configuring
ACLs for non-DHCP environments 22-8
in DHCP environments 22-7
log buffer 22-12
rate limit for incoming ARP packets 22-4, 22-10
default configuration 22-5
denial-of-service attacks, preventing 22-10
described 22-1
DHCP snooping binding database 22-2
displaying
ARP ACLs 22-14
configuration and operating state 22-14
log buffer 22-15
statistics 22-15
trust state and rate limit 22-14
error-disabled state for exceeding rate limit 22-4
function of 22-2
interface trust states 22-3
log buffer
clearing 22-15
configuring 22-12
displaying 22-15
logging of dropped packets, described 22-5
man-in-the middle attack, described 22-2
network security issues and interface trust states 22-3
priority of ARP ACLs and DHCP snooping entries 22-4
rate limiting of ARP packets
configuring 22-10
described 22-4
error-disabled state 22-4
statistics
clearing 22-15
displaying 22-15
validation checks, performing 22-12
dynamic auto trunking mode 12-18
dynamic desirable trunking mode 12-18
Dynamic Host Configuration Protocol
See DHCP-based autoconfiguration
dynamic port VLAN membership
described 12-28
reconfirming 12-31
troubleshooting 12-33
types of connections 12-30
dynamic routing 35-3
Dynamic Trunking Protocol
See DTP
E
EBGP 35-41
editing features
enabling and disabling 2-7
keystrokes used 2-7
wrapped lines 2-9
EIGRP
authentication 35-38
components 35-33
configuring 35-36
default configuration 35-34
definition 35-33
interface parameters, configuring 35-37
monitoring 35-40
stub routing 35-39
support for 1-10
enable password 8-3
enable secret password 8-3
encryption, CipherSuite 8-44
encryption for passwords 8-3
Enhanced IGRP
See EIGRP
enhanced object tracking
commands 39-12
defined 39-12
HSRP 39-17
IP routing state 39-13
line-protocol state 39-13
tracked lists 39-14
environment variables, function of 3-15
equal-cost routing 1-10, 35-73
error-disabled state, BPDU 19-2
error messages during command entry 2-5
EtherChannel
automatic creation of 34-4, 34-5
channel groups
binding physical and logical interfaces 34-3
numbering of 34-3
configuration guidelines 34-9
configuring
Layer 2 interfaces 34-11
Layer 3 physical interfaces 34-14
Layer 3 port-channel logical interfaces 34-13
default configuration 34-9
described 34-2
displaying status 34-20
forwarding methods 34-6, 34-16
IEEE 802.3ad, described 34-5
interaction
with STP 34-9
with VLANs 34-10
LACP
described 34-5
displaying status 34-20
hot-standby ports 34-18
interaction with other features 34-6
modes 34-5
port priority 34-19
system priority 34-19
Layer 3 interface 35-3
load balancing 34-6, 34-16
logical interfaces, described 34-3
PAgP
aggregate-port learners 34-17
compatibility with Catalyst 1900 34-17
described 34-4
displaying status 34-20
interaction with other features 34-5
learn method and priority configuration 34-17
modes 34-4
support for 1-3
port-channel interfaces
described 34-3
numbering of 34-3
port groups 10-5
support for 1-3
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
Ethernet VLANs
adding 12-9
defaults and ranges 12-8
modifying 12-9
EUI 36-3
events, RMON 29-3
examples
conventions for xliv
network configuration 1-15
expedite queue for QoS 33-78
Express Setup 1-2
See also getting started guide
extended crashinfo file 44-23
extended-range VLANs
configuration guidelines 12-13
configuring 12-12
creating 12-13
creating with an internal VLAN ID 12-15
defined 12-1
extended system ID
MSTP 18-17
STP 17-4, 17-14
extended universal identifier
See EUI
Extensible Authentication Protocol over LAN 9-1
external BGP
See EBGP
external neighbors, BGP 35-45
F
fa0 interface 1-5
fallback bridging
and protected ports 43-4
bridge groups
creating 43-4
described 43-2
displaying 43-11
function of 43-2
number supported 43-5
removing 43-5
bridge table
clearing 43-11
displaying 43-11
configuration guidelines 43-4
connecting interfaces with 10-9
default configuration 43-4
described 43-1
frame forwarding
flooding packets 43-2
forwarding packets 43-2
overview 43-1
protocol, unsupported 43-4
STP
disabling on an interface 43-10
forward-delay interval 43-9
hello BPDU interval 43-9
interface priority 43-7
keepalive messages 17-2
maximum-idle interval 43-10
path cost 43-8
VLAN-bridge spanning-tree priority 43-6
VLAN-bridge STP 43-2
support for 1-10
SVIs and routed ports 43-2
unsupported protocols 43-4
VLAN-bridge STP 17-10
features, incompatible 24-11
FIB 35-72
fiber-optic, detecting unidirectional links 27-1
files
basic crashinfo
description 44-23
location 44-23
copying B-4
crashinfo, description 44-23
deleting B-5
displaying the contents of B-8
extended crashinfo
description 44-23
location 44-23
tar
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-20
file system
displaying available file systems B-2
displaying file information B-3
local file system names B-1
network file system names B-4
setting the default B-3
filtering
in a VLAN 32-28
IPv6 traffic 38-3, 38-7
non-IP traffic 32-26
show and more command output 2-10
filtering show and more command output 2-10
filters, IP
See ACLs, IP
flash device, number of B-1
Flex Links
configuration guidelines 20-5
configuring 20-5, 20-6
configuring preferred VLAN 20-8
configuring VLAN load balancing 20-7
default configuration 20-4
description 20-1
link load balancing 20-2
monitoring 20-11
VLANs 20-2
flooded traffic, blocking 24-7
flow-based packet classification 1-9
flowcharts
QoS classification 33-6
QoS egress queueing and scheduling 33-17
QoS ingress queueing and scheduling 33-15
QoS policing and marking 33-10
flowcontrol
configuring 10-19
described 10-19
forward-delay time
MSTP 18-23
STP 17-21
Forwarding Information Base
See FIB
forwarding nonroutable protocols 43-1
FTP
accessing MIB files A-3
configuration files
downloading B-13
overview B-12
preparing the server B-13
uploading B-14
image files
deleting old image B-27
downloading B-26
preparing the server B-25
uploading B-28
G
get-bulk-request operation 31-3
get-next-request operation 31-3, 31-5
get-request operation 31-3, 31-5
get-response operation 31-3
global configuration mode 2-2
global leave, IGMP 23-13
guest VLAN and 802.1x 9-12
guide
audience xliii
purpose of xliii
guide mode 1-3
GUIs
See device manager and Network Assistant
H
hardware limitations and Layer 3 interfaces 10-25
hello time
MSTP 18-22
STP 17-20
help, for the command line 2-3
hierarchical policy maps 33-8
configuration guidelines 33-33
configuring 33-53
described 33-11
history
changing the buffer size 2-6
described 2-6
disabling 2-7
recalling commands 2-6
history table, level and number of syslog messages 30-9
host names, in clusters 5-13
host ports
configuring 14-11
kinds of 14-2
hosts, limit on dynamic ports 12-33
Hot Standby Router Protocol
See HSRP
HP OpenView 1-4
HSRP
authentication string 39-10
automatic cluster recovery 5-12
binding to cluster group 39-11
cluster standby group considerations 5-11
command-switch redundancy 1-1, 1-6
configuring 39-4
default configuration 39-5
definition 39-1
guidelines 39-5
monitoring 39-12
object tracking 39-17
overview 39-1
priority 39-7
routing redundancy 1-10
support for ICMP redirect messages 39-11
timers 39-10
tracking 39-7
See also clusters, cluster standby group, and standby command switch
HTTP over SSL
see HTTPS
HTTPS 8-42
configuring 8-46
self-signed certificate 8-43
HTTP secure server 8-42
I
IBPG 35-41
ICMP
IPv6 36-4
redirect messages 35-11
support for 1-11
time-exceeded messages 44-17
traceroute and 44-17
unreachable messages 32-19
unreachable messages and IPv6 38-4
unreachables and ACLs 32-21
ICMP ping
executing 44-14
overview 44-13
ICMP Router Discovery Protocol
See IRDP
ICMPv6 36-4
IDS appliances
and ingress RSPAN 28-20
and ingress SPAN 28-13
IEEE 802.1D
See STP
IEEE 802.1p 15-1
IEEE 802.1Q
and trunk ports 10-3
configuration limitations 12-19
encapsulation 12-16
native VLAN for untagged traffic 12-23
tunneling
compatibility with other features 16-6
defaults 16-4
described 16-1
tunnel ports with other features 16-6
IEEE 802.1s
See MSTP
IEEE 802.1w
See RSTP
IEEE 802.1x
See port-based authentication
IEEE 802.3ad
See EtherChannel
IEEE 802.3af
See PoE
IEEE 802.3x flow control 10-19
ifIndex values, SNMP 31-6
IFS 1-5
IGMP
configurable leave timer
described 23-6
enabling 23-11
configuring the switch
as a member of a group 41-29
statically connected member 41-33
controlling access to groups 41-30
default configuration 41-29
deleting cache entries 41-52
displaying groups 41-52
fast switching 41-33
flooded multicast traffic
controlling the length of time 23-12
disabling on an interface 23-13
global leave 23-13
query solicitation 23-13
recovering from flood mode 23-13
host-query interval, modifying 41-31
joining multicast group 23-3
join messages 23-3
leave processing, enabling 23-11, 37-9
leaving multicast group 23-5
multicast reachability 41-29
overview 41-3
queries 23-4
report suppression
described 23-6
disabling 23-16, 37-11
supported versions 23-3
support for 1-4
Version 1
changing to Version 2 41-31
described 41-3
Version 2
changing to Version 1 41-31
described 41-3
maximum query response time value 41-33
pruning groups 41-33
query timeout value 41-32
IGMP filtering
configuring 23-25
default configuration 23-25
described 23-24
monitoring 23-29
support for 1-4
IGMP groups
configuring filtering 23-28
setting the maximum number 23-27
IGMP Immediate Leave
configuration guidelines 23-11
described 23-6
enabling 23-11
IGMP profile
applying 23-26
configuration mode 23-25
configuring 23-26
IGMP snooping
and address aliasing 23-2
configuring 23-7
default configuration 23-7, 37-5, 37-6
definition 23-2
enabling and disabling 23-8, 37-6
global configuration 23-8
Immediate Leave 23-6
method 23-8
monitoring 23-16, 37-11
querier
configuration guidelines 23-14
configuring 23-14
supported versions 23-3
support for 1-4
VLAN configuration 23-8
IGMP throttling
configuring 23-28
default configuration 23-25
described 23-25
displaying action 23-29
IGP 35-24
Immediate Leave, IGMP 23-6
enabling 37-9
inaccessible authentication bypass 9-14
initial configuration
defaults 1-12
Express Setup 1-2
See also getting started guide and hardware installation guide
interface
number 10-10
range macros 10-12
interface command 10-10
interface configuration mode 2-3
interfaces
auto-MDIX, configuring 10-20
configuration guidelines
duplex and speed 10-17
configuring
for IPv4 and IPv6 36-12
procedure 10-10
counters, clearing 10-29
default configuration 10-14
described 10-24
descriptive name, adding 10-24
displaying information about 10-28
flow control 10-19
management 1-4
monitoring 10-28
naming 10-24
physical, identifying 10-10
range of 10-11
restarting 10-29
shutting down 10-29
speed and duplex, configuring 10-18
status 10-28
supported 10-10
types of 10-1
interfaces range macro command 10-12
interface types 10-10
Interior Gateway Protocol
See IGP
internal BGP
See IBGP
internal neighbors, BGP 35-45
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
Inter-Switch Link
See ISL
inter-VLAN routing 1-10, 35-2
Intrusion Detection System
See IDS appliances
IP ACLs
for QoS classification 33-7
implicit deny 32-9, 32-13
implicit masks 32-9
named 32-14
undefined 32-20
IP addresses
128-bit 36-2
candidate or member 5-3, 5-13
classes of 35-5
cluster access 5-2
command switch 5-3, 5-11, 5-13
default configuration 35-4
discovering 6-26
for IP routing 35-4
IPv6 36-2
MAC address association 35-8
monitoring 35-17
redundant clusters 5-11
standby command switch 5-11, 5-13
See also IP information
IP base image 1-1
IP broadcast address 35-15
ip cef distributed command 35-72
IP directed broadcasts 35-13
ip igmp profile command 23-25
IP information
assigned
manually 3-10
through DHCP-based autoconfiguration 3-3
default configuration 3-3
IP multicast routing
addresses
all-hosts 41-3
all-multicast-routers 41-3
host group address range 41-3
administratively-scoped boundaries, described 41-37
and IGMP snooping 23-2
Auto-RP
adding to an existing sparse-mode cloud 41-16
benefits of 41-15
clearing the cache 41-52
configuration guidelines 41-11
filtering incoming RP announcement messages 41-18
overview 41-6
preventing candidate RP spoofing 41-18
preventing join messages to false RPs 41-17
setting up in a new internetwork 41-16
using with BSR 41-24
bootstrap router
configuration guidelines 41-11
configuring candidate BSRs 41-22
configuring candidate RPs 41-23
defining the IP multicast boundary 41-21
defining the PIM domain border 41-20
overview 41-6
using with Auto-RP 41-24
Cisco implementation 41-2
configuring
basic multicast routing 41-11
IP multicast boundary 41-37
default configuration 41-10
enabling
multicast forwarding 41-12
PIM mode 41-12
group-to-RP mappings
Auto-RP 41-6
BSR 41-6
MBONE
deleting sdr cache entries 41-52
described 41-35
displaying sdr cache 41-53
enabling sdr listener support 41-36
limiting DVMRP routes advertised 41-47
limiting sdr cache entry lifetime 41-36
SAP packets for conference session announcement 41-35
Session Directory (sdr) tool, described 41-35
monitoring
packet rate loss 41-53
peering devices 41-53
tracing a path 41-53
multicast forwarding, described 41-7
PIMv1 and PIMv2 interoperability 41-10
protocol interaction 41-2
reverse path check (RPF) 41-7
routing table
deleting 41-52
displaying 41-52
RP
assigning manually 41-14
configuring Auto-RP 41-15
configuring PIMv2 BSR 41-20
monitoring mapping information 41-24
using Auto-RP and BSR 41-24
statistics, displaying system and network 41-52
See also CGMP
See also DVMRP
See also IGMP
See also PIM
IP phones
and QoS 15-1
automatic classification and queueing 33-20
configuring 15-4
ensuring port security with QoS 33-39
trusted boundary for QoS 33-39
IP precedence 33-2
IP-precedence-to-DSCP map for QoS 33-62
IP protocols
in ACLs 32-11
routing 1-10
IP routes, monitoring 35-87
IP routing
connecting interfaces with 10-9
disabling 35-18
enabling 35-18
IP services image 1-1
IP source guard
and 802.1x 21-17
and DHCP snooping 21-15
and EtherChannels 21-17
and port security 21-17
and private VLANs 21-17
and routed ports 21-17
and TCAM entries 21-17
and trunk interfaces 21-17
and VRF 21-17
binding configuration
automatic 21-15
manual 21-15
binding table 21-15
configuration guidelines 21-17
default configuration 21-16
described 21-15
disabling 21-18
displaying
bindings 21-19
configuration 21-19
enabling 21-17
filtering
source IP address 21-16
source IP and MAC address 21-16
source IP address filtering 21-16
source IP and MAC address filtering 21-16
static bindings
adding 21-17
deleting 21-18
IP traceroute
executing 44-17
overview 44-16
IP unicast routing
address resolution 35-8
administrative distances 35-74, 35-85
ARP 35-8
assigning IP addresses to Layer 3 interfaces 35-5
authentication keys 35-85
broadcast
address 35-15
flooding 35-16
packets 35-13
storms 35-13
classless routing 35-6
configuring static routes 35-74
default
addressing configuration 35-4
gateways 35-11
networks 35-75
routes 35-75
routing 35-2
directed broadcasts 35-13
disabling 35-18
dynamic routing 35-3
enabling 35-18
EtherChannel Layer 3 interface 35-3
IGP 35-24
inter-VLAN 35-2
IP addressing
classes 35-5
configuring 35-4
IPv6 36-3
IRDP 35-12
Layer 3 interfaces 35-3
MAC address and IP address 35-8
passive interfaces 35-83
protocols
distance-vector 35-3
dynamic 35-3
link-state 35-3
proxy ARP 35-8
redistribution 35-76
reverse address resolution 35-8
routed ports 35-3
static routing 35-3
steps to configure 35-4
subnet mask 35-5
subnet zero 35-6
supernet 35-6
UDP 35-15
with SVIs 35-3
See also BGP
See also EIGRP
See also OSPF
See also RIP
IPv4 ACLs
applying to interfaces 32-19
extended, creating 32-10
named 32-14
standard, creating 32-9
IPv4 and IPv6
configuring on an interface 36-12
differences 36-2
dual protocol stacks 36-6
IPv6
ACLs
displaying 38-8
limitations 38-3
matching criteria 38-3
port 38-1
precedence 38-2
router 38-1
supported 38-2
addresses 36-2
address formats 36-2
advantages 36-2
applications 36-5
assigning address 36-10
autoconfiguration 36-5
CEFv6 36-14
configuring static routes 36-15
default configuration 36-9
defined 36-1
enabling 36-10
feature limitations 36-7
features not supported 36-6
ICMP 36-4
ICMP rate limiting 36-14
monitoring 36-21
neighbor discovery 36-4
OSPF 36-19
path MTU discovery 36-4
reasons for 36-1
RIP 36-17
SDM templates 7-2, 36-7, 37-1, 38-1
supported features 36-3
switch limitations 36-7
IPv6 traffic, filtering 38-3
IRDP
configuring 35-12
definition 35-12
support for 1-11
ISL
and IPv6 36-3
and trunk ports 10-3
encapsulation 1-7, 12-16
trunking with IEEE 802.1 tunneling 16-5
isolated port 14-2
isolated VLANs 14-2, 14-3
J
join messages, IGMP 23-3
K
KDC
described 8-32
See also Kerberos
keepalive messages 17-2
Kerberos
authenticating to
boundary switch 8-34
KDC 8-34
network services 8-35
configuration examples 8-32
configuring 8-35
credentials 8-32
cryptographic software image 8-32
described 8-32
KDC 8-32
operation 8-34
realm 8-33
server 8-34
support for 1-9
switch as trusted third party 8-32
terms 8-33
TGT 8-34
tickets 8-32
key distribution center
See KDC
L
l2protocol-tunnel command 16-13
LACP
Layer 2 protocol tunneling 16-9
See EtherChannel
Layer 2 frames, classification with CoS 33-2
Layer 2 interfaces, default configuration 10-14
Layer 2 protocol tunneling
configuring 16-10
configuring for EtherChannels 16-14
default configuration 16-11
defined 16-8
guidelines 16-11
Layer 2 traceroute
and ARP 44-16
and CDP 44-15
broadcast traffic 44-15
described 44-15
IP addresses and subnets 44-16
MAC addresses and VLANs 44-15
multicast traffic 44-15
multiple devices on a port 44-16
unicast traffic 44-15
usage guidelines 44-15
Layer 3 features 1-10
Layer 3 interfaces
assigning IP addresses to 35-5
assigning IPv4 and IPv6 addresses to 36-12
assigning IPv6 addresses to 36-10
changing from Layer 2 mode 35-5
types of 35-3
Layer 3 packets, classification methods 33-2
LDAP 4-2
LEDs, switch
See hardware installation guide
lightweight directory access protocol
See LDAP
line configuration mode 2-3
Link Aggregation Control Protocol
See EtherChannel
link failure, detecting unidirectional 18-8
Link Layer Discovery Protocol
See CDP
link local unicast addresses 36-3
link redundancy
See Flex Links
links, unidirectional 27-1
link state advertisements (LSAs) 35-28
link-state protocols 35-3
link-state tracking
configuring 34-23
described 34-21
LLDP
configuring 26-3
characteristics 26-3
default configuration 26-3
disabling and enabling
globally 26-4
on an interface 26-5
monitoring and maintaining 26-7
overview 26-1
supported TLVs 26-2
switch stack considerations 26-2
transmission timer and holdtime, setting 26-3
LLDP-MED
configuring
procedures 26-3
TLVs 26-6
monitoring and maintaining 26-7
overview 26-1, 26-2
supported TLVs 26-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing 39-3
local SPAN 28-2
logging messages, ACL 32-8
login authentication
with RADIUS 8-23
with TACACS+ 8-14
login banners 6-17
log messages
See system message logging
Long-Reach Ethernet (LRE) technology 1-16
loop guard
described 19-9
enabling 19-15
support for 1-6
LRE profiles, considerations in switch clusters 5-14
M
MAB aging timer 1-7
MAB inactivity timer
default setting 9-22
range 9-24
MAC addresses
aging time 6-21
and VLAN association 6-20
building the address table 6-20
default configuration 6-21
discovering 6-26
displaying 6-26
displaying in the IP source binding table 21-19
dynamic
learning 6-20
removing 6-22
in ACLs 32-26
IP address association 35-8
static
adding 6-24
allowing 6-26
characteristics of 6-24
dropping 6-25
removing 6-24
MAC address notification, support for 1-11
MAC address-table move update
configuration guidelines 20-5
configuring 20-9
default configuration 20-5
description 20-3
monitoring 20-11
MAC address-to-VLAN mapping 12-28
MAC authentication bypass
See MAB
MAC extended access lists
applying to Layer 2 interfaces 32-27
configuring for QoS 33-46
creating 32-26
defined 32-26
for QoS classification 33-5
macros
See Smartports macros
magic packet 9-16
manageability features 1-5
management access
in-band
browser session 1-5
CLI session 1-5
device manager 1-5
SNMP 1-5
out-of-band console port connection 1-5
management options
CLI 2-1
clustering 1-3
CNS 4-1
Network Assistant 1-2
overview 1-4
management VLAN
considerations in switch clusters 5-7
discovery through different management VLANs 5-7
mapping tables for QoS
configuring
CoS-to-DSCP 33-61
DSCP 33-61
DSCP-to-CoS 33-64
DSCP-to-DSCP-mutation 33-65
IP-precedence-to-DSCP 33-62
policed-DSCP 33-63
described 33-12
marking
action in policy map 33-49
action with aggregate policers 33-59
described 33-4, 33-8
matching
IPv6 ACLs 38-3
matching, IPv4 ACLs 32-7
maximum aging time
MSTP 18-23
STP 17-21
maximum hop count, MSTP 18-24
maximum-paths command 35-49, 35-73
MDA
configuration guidelines 9-19
described 1-8, 9-18
exceptions with authentication process 9-4
membership mode, VLAN port 12-3
member switch
automatic discovery 5-4
defined 5-2
managing 5-15
passwords 5-13
recovering from lost connectivity 44-11
requirements 5-3
See also candidate switch, cluster standby group, and standby command switch
messages, to users through banners 6-17
metrics, in BGP 35-49
metric translations, between routing protocols 35-79
metro tags 16-2
MHSRP 39-3
MIBs
accessing files with FTP A-3
location of files A-3
overview 31-1
SNMP interaction with 31-4
supported A-1
mirroring traffic for analysis 28-1
mismatches, autonegotiation 44-11
module number 10-10
monitoring
access groups 32-40
BGP 35-60
cables for unidirectional links 27-1
CDP 25-4
CEF 35-73
EIGRP 35-40
fallback bridging 43-11
features 1-11
Flex Links 20-11
HSRP 39-12
IEEE 802.1Q tunneling 16-18
IGMP
filters 23-29
snooping 23-16, 37-11
interfaces 10-28
IP
address tables 35-17
multicast routing 41-51
routes 35-87
IPv4 ACL configuration 32-40
IPv6 36-21
IPv6 ACL configuration 38-8
Layer 2 protocol tunneling 16-18
MAC address-table move update 20-11
MSDP peers 42-18
multicast router interfaces 23-17, 37-11
multi-VRF CE 35-71
MVR 23-24
network traffic for analysis with probe 28-2
OSPF 35-32
port
blocking 24-19
protection 24-19
private VLANs 14-14
RP mapping information 41-24
SFP status 10-28, 44-13
source-active messages 42-18
speed and duplex mode 10-18
traffic flowing among switches 29-1
traffic suppression 24-19
tunneling 16-18
VLAN
filters 32-40
maps 32-40
VLANs 12-16
VMPS 12-32
VTP 13-16
MSDP
benefits of 42-3
clearing MSDP connections and statistics 42-18
controlling source information
forwarded by switch 42-11
originated by switch 42-9
received by switch 42-13
default configuration 42-4
dense-mode regions
sending SA messages to 42-16
specifying the originating address 42-17
filtering
incoming SA messages 42-14
SA messages to a peer 42-12
SA requests from a peer 42-10
join latency, defined 42-6
meshed groups
configuring 42-15
defined 42-15
originating address, changing 42-17
overview 42-1
peer-RPF flooding 42-2
peers
configuring a default 42-4
monitoring 42-18
peering relationship, overview 42-1
requesting source information from 42-8
shutting down 42-15
source-active messages
caching 42-6
clearing cache entries 42-18
defined 42-2
filtering from a peer 42-10
filtering incoming 42-14
filtering to a peer 42-12
limiting data with TTL 42-13
monitoring 42-18
restricting advertised sources 42-9
support for 1-11
MSTP
boundary ports
configuration guidelines 18-15
described 18-6
BPDU filtering
described 19-3
enabling 19-12
BPDU guard
described 19-2
enabling 19-11
CIST, described 18-3
CIST regional root 18-3
CIST root 18-5
configuration guidelines 18-15, 19-10
configuring
forward-delay time 18-23
hello time 18-22
link type for rapid convergence 18-24
maximum aging time 18-23
maximum hop count 18-24
MST region 18-16
neighbor type 18-25
path cost 18-20
port priority 18-19
root switch 18-17
secondary root switch 18-18
switch priority 18-21
CST
defined 18-3
operations between regions 18-4
default configuration 18-14
default optional feature configuration 19-9
displaying status 18-26
enabling the mode 18-16
EtherChannel guard
described 19-7
enabling 19-14
extended system ID
effects on root switch 18-17
effects on secondary root switch 18-18
unexpected behavior 18-17
IEEE 802.1s
implementation 18-6
port role naming change 18-7
terminology 18-5
instances supported 17-9
interface state, blocking to forwarding 19-2
interoperability and compatibility among modes 17-10
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
IST
defined 18-3
master 18-3
operations within a region 18-3
loop guard
described 19-9
enabling 19-15
mapping VLANs to MST instance 18-16
MST region
CIST 18-3
configuring 18-16
described 18-2
hop-count mechanism 18-5
IST 18-3
supported spanning-tree instances 18-2
optional features supported 1-6
overview 18-2
Port Fast
described 19-2
enabling 19-10
preventing root switch selection 19-8
root guard
described 19-8
enabling 19-15
root switch
configuring 18-17
effects of extended system ID 18-17
unexpected behavior 18-17
shutdown Port Fast-enabled port 19-2
status, displaying 18-26
multicast groups
Immediate Leave 23-6
joining 23-3
leaving 23-5
static joins 23-10, 37-7
multicast packets
ACLs on 32-39
blocking 24-7
multicast router interfaces, monitoring 23-17, 37-11
multicast router ports, adding 23-9, 37-8
Multicast Source Discovery Protocol
See MSDP
multicast storm 24-1
multicast storm-control command 24-4
multicast television application 23-18
multicast VLAN 23-17
Multicast VLAN Registration
See MVR
multidomain authentication
See MDA
Multiple HSRP
See MHSRP
multiple VPN routing/forwarding in customer edge devices
See multi-VRF CE
multi-VRF CE
configuration example 35-67
configuration guidelines 35-64
configuring 35-63
default configuration 35-64
defined 35-61
displaying 35-71
monitoring 35-71
network components 35-63
packet-forwarding process 35-63
support for 1-10
MVR
and address aliasing 23-21
and IGMPv3 23-21
configuration guidelines 23-20
configuring interfaces 23-22
default configuration 23-20
described 23-17
example application 23-18
modes 23-21
monitoring 23-24
multicast television application 23-18
setting global parameters 23-21
support for 1-4
N
NAC
AAA down policy 1-9
critical authentication 9-14, 9-36
IEEE 802.1x authentication using a RADIUS server 9-40
IEEE 802.1x validation using RADIUS server 9-40
inaccessible authentication bypass 1-9, 9-36
Layer 2 IEEE 802.1x validation 1-8, 9-40
Layer 2 IEEE802.1x validation 9-18
Layer 2 IP validation 1-9
named IPv4 ACLs 32-14
NameSpace Mapper
See NSM
native VLAN
and IEEE 802.1Q tunneling 16-4
configuring 12-23
default 12-23
neighbor discovery, IPv6 36-4
neighbor discovery/recovery, EIGRP 35-33
neighbors, BGP 35-55
Network Admission Control
NAC
Network Assistant
benefits 1-2
described 1-4
downloading image files 1-3
guide mode 1-3
management options 1-2
requirements xliv
upgrading a switch B-19
wizards 1-3
network configuration examples
increasing network performance 1-15
large network 1-20
long-distance, high-bandwidth transport 1-21
providing network services 1-16
server aggregation and Linux server cluster 1-17
small to medium-sized network 1-18
network design
performance 1-15
services 1-16
network management
CDP 25-1
RMON 29-1
SNMP 31-1
Network Time Protocol
See NTP
no commands 2-4
nonhierarchical policy maps
configuration guidelines 33-33
configuring 33-49
described 33-9
non-IP traffic filtering 32-26
nontrunking mode 12-18
normal-range VLANs 12-4
configuration guidelines 12-6
configuration modes 12-7
configuring 12-4
defined 12-1
no switchport command 10-4
note, described xliv
not-so-stubby areas
See NSSA
NSM 4-3
NSSA, OSPF 35-28
NTP
associations
authenticating 6-4
defined 6-2
enabling broadcast messages 6-6
peer 6-5
server 6-5
default configuration 6-4
displaying the configuration 6-11
overview 6-2
restricting access
creating an access group 6-8
disabling NTP services per interface 6-10
source IP address, configuring 6-10
stratum 6-2
support for 1-5
synchronizing devices 6-5
time
services 6-2
synchronizing 6-2
O
object tracking, HSRP 39-17
online diagnostics
overview 45-1
running tests 45-3
understanding 45-1
Open Shortest Path First
See OSPF
optimizing system resources 7-1
options, management 1-4
OSPF
area parameters, configuring 35-28
configuring 35-26
default configuration
metrics 35-30
route 35-30
settings 35-25
described 35-24
for IPv6 36-19
interface parameters, configuring 35-27
LSA group pacing 35-31
monitoring 35-32
router IDs 35-32
route summarization 35-29
support for 1-10
virtual links 35-30
out-of-profile markdown 1-10
P
packet modification, with QoS 33-19
PAgP
Layer 2 protocol tunneling 16-9
See EtherChannel
parallel paths, in routing tables 35-73
passive interfaces
configuring 35-83
OSPF 35-30
passwords
default configuration 8-2
disabling recovery of 8-5
encrypting 8-3
for security 1-7
in clusters 5-14
overview 8-1
recovery of 44-3
setting
enable 8-3
enable secret 8-3
Telnet 8-6
with usernames 8-6
VTP domain 13-8
path cost
MSTP 18-20
STP 17-18
path MTU discovery 36-4
PBR
defined 35-79
enabling 35-81
fast-switched policy-based routing 35-82
local policy-based routing 35-82
PC (passive command switch) 5-10
peers, BGP 35-55
percentage thresholds in tracked lists 39-16
performance, network design 1-15
performance features 1-3
persistent self-signed certificate 8-43
per-VLAN spanning-tree plus
See PVST+
PE to CE routing, configuring 35-67
physical ports 10-2
PIM
default configuration 41-10
dense mode
overview 41-4
rendezvous point (RP), described 41-5
RPF lookups 41-8
displaying neighbors 41-52
enabling a mode 41-12
overview 41-4
router-query message interval, modifying 41-28
shared tree and source tree, overview 41-25
shortest path tree, delaying the use of 41-26
sparse mode
join messages and shared tree 41-5
overview 41-5
prune messages 41-5
RPF lookups 41-8
stub routing
displaying 41-52
enabling 41-13
overview 41-5
support for 1-11
versions
interoperability 41-10
troubleshooting interoperability problems 41-25
v2 improvements 41-4
PIM-DVMRP, as snooping method 23-9
ping
character output description 44-14
executing 44-14
overview 44-13
PoE
auto mode 10-8
CDP with power consumption, described 10-6
CDP with power negotiation, described 10-6
Cisco intelligent power management 10-6
configuring 10-21
devices supported 10-6
high-power devices operating in low-power mode 10-6
IEEE power classification levels 10-7
power budgeting 10-22
power consumption 10-22
powered-device detection and initial power allocation 10-7
power management modes 10-8
power negotiation extensions to CDP 10-6
standards supported 10-6
static mode 10-8
supported watts per port 10-6
troubleshooting 44-11
policed-DSCP map for QoS 33-63
policers
configuring
for each matched traffic class 33-49
for more than one traffic class 33-59
described 33-4
displaying 33-79
number of 33-34
types of 33-9
policing
described 33-4
hierarchical
See hierarchical policy maps
token-bucket algorithm 33-9
policy-based routing
See PBR
policy maps for QoS
characteristics of 33-49
described 33-7
displaying 33-80
hierarchical 33-8
hierarchical on SVIs
configuration guidelines 33-33
configuring 33-53
described 33-11
nonhierarchical on physical ports
configuration guidelines 33-33
configuring 33-49
described 33-9
port ACLs
defined 32-2
types of 32-3
Port Aggregation Protocol
See EtherChannel
port-based authentication
accounting 9-8
authentication server
defined 9-2
RADIUS server 9-3
client, defined 9-2
configuration guidelines 9-22
configuring
802.1x authentication 9-25
guest VLAN 9-34
host mode 9-27
inaccessible authentication bypass 9-36
manual re-authentication of a client 9-29
periodic re-authentication 9-29
quiet period 9-30
RADIUS server 9-27
RADIUS server parameters on the switch 9-26
restricted VLAN 9-35
switch-to-client frame-retransmission number 9-31, 9-32
switch-to-client retransmission time 9-30
default configuration 9-21
described 9-1
device roles 9-2
displaying statistics 9-44
EAPOL-start frame 9-5
EAP-request/identity frame 9-5
EAP-response/identity frame 9-5
encapsulation 9-3
guest VLAN
configuration guidelines 9-12, 9-13
described 9-12
host mode 9-7
inaccessible authentication bypass
configuring 9-36
described 9-14
guidelines 9-24
initiation and message exchange 9-5
magic packet 9-16
method lists 9-25
multiple-hosts mode, described 9-8
per-user ACLs
AAA authorization 9-25
configuration tasks 9-11
described 9-11
RADIUS server attributes 9-11
ports
authorization state and dot1x port-control command 9-7
authorized and unauthorized 9-7
critical 9-14
voice VLAN 9-15
port security
and voice VLAN 9-16
described 9-15
interactions 9-16
multiple-hosts mode 9-8
resetting to default values 9-44
statistics, displaying 9-44
switch
as proxy 9-3
RADIUS client 9-3
upgrading from a previous release 9-24, 33-26
VLAN assignment
AAA authorization 9-25
characteristics 9-10
configuration tasks 9-10
described 9-10
voice VLAN
described 9-15
PVID 9-15
VVID 9-15
wake-on-LAN, described 9-16
port blocking 1-4, 24-7
port-channel
See EtherChannel
Port Fast
described 19-2
enabling 19-10
mode, spanning tree 12-29
support for 1-6
port membership modes, VLAN 12-3
port priority
MSTP 18-19
STP 17-17
ports
access 10-3
blocking 24-7
dual-purpose uplink 10-6
dynamic access 12-3
IEEE 802.1Q tunnel 12-4
protected 24-5
routed 10-4
secure 24-8
static-access 12-3, 12-11
switch 10-2
trunks 12-3, 12-16
VLAN assignments 12-11
port security
aging 24-16
and private VLANs 24-18
and QoS trusted boundary 33-39
configuring 24-12
default configuration 24-10
described 24-8
displaying 24-19
enabling 24-18
on trunk ports 24-13
sticky learning 24-9
violations 24-9
with other features 24-10
port-shutdown response, VMPS 12-28
Power over Ethernet
See PoE
preemption, default configuration 20-4
preemption delay, default configuration 20-5
preferential treatment of traffic
See QoS
prefix lists, BGP 35-53
preventing unauthorized access 8-1
primary links 20-2
primary VLANs 14-1, 14-3
priority
HSRP 39-7
overriding CoS 15-6
trusting CoS 15-6
private VLAN edge ports
See protected ports
private VLANs
across multiple switches 14-4
and SDM template 14-4
and SVIs 14-5
benefits of 14-1
community ports 14-2
community VLANs 14-2, 14-3
configuration guidelines 14-6, 14-8
configuration tasks 14-6
configuring 14-9
default configuration 14-6
end station access to 14-3
IP addressing 14-3
isolated port 14-2
isolated VLANs 14-2, 14-3
mapping 14-13
monitoring 14-14
ports
community 14-2
configuration guidelines 14-8
configuring host ports 14-11
configuring promiscuous ports 14-12
described 12-4
isolated 14-2
promiscuous 14-2
primary VLANs 14-1, 14-3
promiscuous ports 14-2
secondary VLANs 14-2
subdomains 14-1
traffic in 14-5
privileged EXEC mode 2-2
privilege levels
changing the default for lines 8-9
command switch 5-15
exiting 8-9
logging into 8-9
mapping on member switches 5-15
overview 8-2, 8-7
setting a command with 8-8
promiscuous ports
configuring 14-12
defined 14-2
protected ports 1-7, 24-5
protocol-dependent modules, EIGRP 35-34
Protocol-Independent Multicast Protocol
See PIM
provider edge devices 35-62
proxy ARP
configuring 35-10
definition 35-8
with IP routing disabled 35-11
pruning, VTP
disabling
in VTP domain 13-14
on a port 12-23
enabling
in VTP domain 13-14
on a port 12-22
examples 13-5
overview 13-4
pruning-eligible list
changing 12-22
for VTP pruning 13-4
VLANs 13-14
PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Q
QoS
and MQC commands 33-1
auto-QoS
categorizing traffic 33-21
configuration and defaults display 33-30
configuration guidelines 33-25
described 33-20
disabling 33-27
displaying generated commands 33-27
displaying the initial configuration 33-30
effects on running configuration 33-25
egress queue defaults 33-21
enabling for VoIP 33-26
example configuration 33-28
ingress queue defaults 33-21
list of generated commands 33-22
basic model 33-4
classification
class maps, described 33-7
defined 33-4
DSCP transparency, described 33-40
flowchart 33-6
forwarding treatment 33-3
in frames and packets 33-3
IP ACLs, described 33-5, 33-7
MAC ACLs, described 33-5, 33-7
options for IP traffic 33-5
options for non-IP traffic 33-5
policy maps, described 33-7
trust DSCP, described 33-5
trusted CoS, described 33-5
trust IP precedence, described 33-5
class maps
configuring 33-47
displaying 33-79
configuration guidelines
auto-QoS 33-25
standard QoS 33-33
configuring
aggregate policers 33-59
auto-QoS 33-20
default port CoS value 33-38
DSCP maps 33-61
DSCP transparency 33-40
DSCP trust states bordering another domain 33-41
egress queue characteristics 33-71
ingress queue characteristics 33-67
IP extended ACLs 33-45
IP standard ACLs 33-44
MAC ACLs 33-46
policy maps, hierarchical 33-53
policy maps on physical ports 33-49
port trust states within the domain 33-36
trusted boundary 33-39
default auto configuration 33-21
default standard configuration 33-31
displaying statistics 33-79
DSCP transparency 33-40
egress queues
allocating buffer space 33-72
buffer allocation scheme, described 33-18
configuring shaped weights for SRR 33-76
configuring shared weights for SRR 33-77
described 33-4
displaying the threshold map 33-75
flowchart 33-17
mapping DSCP or CoS values 33-74
scheduling, described 33-4
setting WTD thresholds 33-72
WTD, described 33-19
enabling globally 33-35
flowcharts
classification 33-6
egress queueing and scheduling 33-17
ingress queueing and scheduling 33-15
policing and marking 33-10
implicit deny 33-7
ingress queues
allocating bandwidth 33-69
allocating buffer space 33-69
buffer and bandwidth allocation, described 33-16
configuring shared weights for SRR 33-69
configuring the priority queue 33-70
described 33-4
displaying the threshold map 33-68
flowchart 33-15
mapping DSCP or CoS values 33-68
priority queue, described 33-16
scheduling, described 33-4
setting WTD thresholds 33-68
WTD, described 33-16
IP phones
automatic classification and queueing 33-20
detection and trusted settings 33-20, 33-39
limiting bandwidth on egress interface 33-78
mapping tables
CoS-to-DSCP 33-61
displaying 33-79
DSCP-to-CoS 33-64
DSCP-to-DSCP-mutation 33-65
IP-precedence-to-DSCP 33-62
policed-DSCP 33-63
types of 33-12
marked-down actions 33-51, 33-56
marking, described 33-4, 33-8
overview 33-2
packet modification 33-19
policers
configuring 33-51, 33-56, 33-59
described 33-8
displaying 33-79
number of 33-34
types of 33-9
policies, attaching to an interface 33-8
policing
described 33-4, 33-8
token bucket algorithm 33-9
policy maps
characteristics of 33-49
displaying 33-80
hierarchical 33-8
hierarchical on SVIs 33-53
nonhierarchical on physical ports 33-49
QoS label, defined 33-4
queues
configuring egress characteristics 33-71
configuring ingress characteristics 33-67
high priority (expedite) 33-19, 33-78
location of 33-13
SRR, described 33-14
WTD, described 33-13
rewrites 33-19
support for 1-9
trust states
bordering another domain 33-41
described 33-5
trusted device 33-39
within the domain 33-36
quality of service
See QoS
queries, IGMP 23-4
query solicitation, IGMP 23-13
R
RADIUS
attributes
vendor-proprietary 8-31
vendor-specific 8-29
configuring
accounting 8-28
authentication 8-23
authorization 8-27
communication, global 8-21, 8-29
communication, per-server 8-21
multiple UDP ports 8-21
default configuration 8-20
defining AAA server groups 8-25
displaying the configuration 8-31
identifying the server 8-21
in clusters 5-14
limiting the services to the user 8-27
method list, defined 8-20
operation of 8-19
overview 8-18
suggested network environments 8-18
support for 1-9
tracking services accessed by user 8-28
range
macro 10-12
of interfaces 10-11
rapid convergence 18-10
rapid per-VLAN spanning-tree plus
See rapid PVST+
rapid PVST+
described 17-9
IEEE 802.1Q trunking interoperability 17-10
instances supported 17-9
Rapid Spanning Tree Protocol
See RSTP
RARP 35-8
rcommand command 5-15
RCP
configuration files
downloading B-17
overview B-15
preparing the server B-16
uploading B-18
image files
deleting old image B-32
downloading B-30
preparing the server B-29
uploading B-32
reconfirmation interval, VMPS, changing 12-31
reconfirming dynamic VLAN membership 12-31
recovery procedures 44-1
redundancy
EtherChannel 34-3
HSRP 39-1
STP
backbone 17-8
path cost 12-26
port priority 12-24
redundant links and UplinkFast 19-13
reliable transport protocol, EIGRP 35-33
reloading software 3-16
Remote Authentication Dial-In User Service
See RADIUS
Remote Copy Protocol
See RCP
Remote Network Monitoring
See RMON
Remote SPAN
See RSPAN
remote SPAN 28-2
report suppression, IGMP
described 23-6
disabling 23-16, 37-11
requirements
cluster xlv
device manager xliv
Network Assistant xliv
resequencing ACL entries 32-14
resets, in BGP 35-48
resetting a UDLD-shutdown interface 27-6
restricted VLAN
configuring 9-35
described 9-13
using with IEEE 802.1x 9-13
restricting access
NTP services 6-8
overview 8-1
passwords and privilege levels 8-2
RADIUS 8-18
TACACS+ 8-10
retry count, VMPS, changing 12-32
reverse address resolution 35-8
Reverse Address Resolution Protocol
See RARP
RFC
1058, RIP 35-18
1112, IP multicast and IGMP 23-2
1157, SNMPv1 31-2
1163, BGP 35-40
1166, IP addresses 35-5
1253, OSPF 35-24
1267, BGP 35-40
1305, NTP 6-2
1587, NSSAs 35-24
1757, RMON 29-2
1771, BGP 35-40
1901, SNMPv2C 31-2
1902 to 1907, SNMPv2 31-2
2236, IP multicast and IGMP 23-2
2273-2275, SNMPv3 31-2
RIP
advertisements 35-19
authentication 35-21
configuring 35-20
default configuration 35-19
described 35-19
for IPv6 36-17
hop counts 35-19
split horizon 35-22
summary addresses 35-22
support for 1-10
RMON
default configuration 29-3
displaying status 29-6
enabling alarms and events 29-3
groups supported 29-2
overview 29-1
statistics
collecting group Ethernet 29-5
collecting group history 29-5
support for 1-12
root guard
described 19-8
enabling 19-15
support for 1-6
root switch
MSTP 18-17
STP 17-14
route calculation timers, OSPF 35-30
route dampening, BGP 35-59
routed packets, ACLs on 32-38
routed ports
configuring 35-3
defined 10-4
in switch clusters 5-8
IP addresses on 10-25, 35-4
route-map command 35-82
route maps
BGP 35-51
policy-based routing 35-80
router ACLs
defined 32-2
types of 32-4
route reflectors, BGP 35-58
router ID, OSPF 35-32
route selection, BGP 35-49
route summarization, OSPF 35-29
route targets, VPN 35-63
routing
default 35-2
dynamic 35-3
redistribution of information 35-76
static 35-3
routing domain confederation, BGP 35-58
Routing Information Protocol
See RIP
routing protocol administrative distances 35-74
RSPAN
characteristics 28-8
configuration guidelines 28-16
default configuration 28-9
defined 28-2
destination ports 28-7
displaying status 28-23
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-11, 28-1
received traffic 28-4
sessions
creating 28-17
defined 28-3
limiting source traffic to specific VLANs 28-22
specifying monitored ports 28-17
with ingress traffic enabled 28-20
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
RSTP
active topology 18-9
BPDU
format 18-12
processing 18-13
designated port, defined 18-9
designated switch, defined 18-9
interoperability with IEEE 802.1D
described 18-8
restarting migration process 18-25
topology changes 18-13
overview 18-8
port roles
described 18-9
synchronized 18-11
proposal-agreement handshake process 18-10
rapid convergence
described 18-10
edge ports and Port Fast 18-10
point-to-point links 18-10, 18-24
root ports 18-10
root port, defined 18-9
See also MSTP
running configuration, saving 3-11
S
SC (standby command switch) 5-10
scheduled reloads 3-16
SDM
described 7-1
templates
configuring 7-4
number of 7-1
SDM template
configuration guidelines 7-4
configuring 7-3
dual IPv4 and IPv6 7-2
types of 7-1
secondary VLANs 14-2
secure HTTP client
configuring 8-47
displaying 8-48
secure HTTP server
configuring 8-46
displaying 8-48
secure MAC addresses
deleting 24-15
maximum number of 24-9
types of 24-8
secure ports, configuring 24-8
secure remote connections 8-38
Secure Shell
See SSH
Secure Socket Layer
See SSL
security, port 24-8
security features 1-7
sequence numbers in log messages 30-7
server mode, VTP 13-3
service-provider network, MSTP and RSTP 18-1
service-provider networks
and customer VLANs 16-2
and IEEE 802.1Q tunneling 16-1
Layer 2 protocols across 16-8
Layer 2 protocol tunneling for EtherChannels 16-9
set-request operation 31-5
setup program
failed command switch replacement 44-9
replacing failed command switch 44-8
severity levels, defining in system messages 30-8
SFPs
monitoring status of 10-28, 44-13
security and identification 44-12
status, displaying 44-13
shaped round robin
See SRR
show access-lists hw-summary command 32-21
show and more command output, filtering 2-10
show cdp traffic command 25-5
show cluster members command 5-15
show configuration command 10-24
show forward command 44-20
show interfaces command 10-18, 10-24
show l2protocol command 16-13, 16-15, 16-16
show lldp traffic command 26-7
show platform forward command 44-20
show running-config command
displaying ACLs 32-19, 32-20, 32-30, 32-33
interface description in 10-24
shutdown command on interfaces 10-29
shutdown threshold for Layer 2 protocol packets 16-11
Simple Network Management Protocol
See SNMP
Smartports macros
applying Cisco-default macros 11-6
applying global parameter values 11-5, 11-6
applying macros 11-5
applying parameter values 11-5, 11-7
configuration guidelines 11-3
creating 11-4
default configuration 11-2
defined 11-1
displaying 11-8
tracing 11-3
website 11-2
SNAP 25-1
SNMP
accessing MIB variables with 31-4
agent
described 31-4
disabling 31-8
authentication level 31-11
community strings
configuring 31-8
for cluster switches 31-4
overview 31-4
configuration examples 31-16
default configuration 31-7
engine ID 31-7
groups 31-7, 31-10
host 31-7
ifIndex values 31-6
in-band management 1-5
in clusters 5-14
informs
and trap keyword 31-12
described 31-5
differences from traps 31-5
disabling 31-15
enabling 31-15
limiting access by TFTP servers 31-16
limiting system log messages to NMS 30-9
manager functions 1-4, 31-3
managing clusters with 5-15
MIBs
location of A-3
supported A-1
notifications 31-5
overview 31-1, 31-4
security levels 31-3
status, displaying 31-17
system contact and location 31-15
trap manager, configuring 31-14
traps
described 31-3, 31-5
differences from informs 31-5
disabling 31-15
enabling 31-12
enabling MAC address notification 6-22
overview 31-1, 31-5
types of 31-12
users 31-7, 31-10
versions supported 31-2
SNMPv1 31-2
SNMPv2C 31-2
SNMPv3 31-2
snooping, IGMP 23-2
software images
location in flash B-20
recovery procedures 44-2
scheduling reloads 3-16
tar file format, described B-20
See also downloading and uploading
source addresses
in IPv4 ACLs 32-11
in IPv6 ACLs 38-5
source-and-destination-IP address based forwarding, EtherChannel 34-7
source-and-destination MAC address forwarding, EtherChannel 34-7
source-IP address based forwarding, EtherChannel 34-7
source-MAC address forwarding, EtherChannel 34-6
SPAN
configuration guidelines 28-10
default configuration 28-9
destination ports 28-7
displaying status 28-23
interaction with other features 28-8
monitored ports 28-5
monitoring ports 28-7
overview 1-11, 28-1
ports, restrictions 24-11
received traffic 28-4
sessions
configuring ingress forwarding 28-14, 28-21
creating 28-11
defined 28-3
limiting source traffic to specific VLANs 28-14
removing destination (monitoring) ports 28-12
specifying monitored ports 28-11
with ingress traffic enabled 28-13
source ports 28-5
transmitted traffic 28-5
VLAN-based 28-6
spanning tree and native VLANs 12-19
Spanning Tree Protocol
See STP
SPAN traffic 28-4
split horizon, RIP 35-22
SRR
configuring
shaped weights on egress queues 33-76
shared weights on egress queues 33-77
shared weights on ingress queues 33-69
described 33-14
shaped mode 33-14
shared mode 33-14
support for 1-10
SSH
configuring 8-39
cryptographic software image 8-37
described 1-5, 8-38
encryption methods 8-38
user authentication methods, supported 8-38
SSL
configuration guidelines 8-45
configuring a secure HTTP client 8-47
configuring a secure HTTP server 8-46
cryptographic software image 8-42
described 8-42
monitoring 8-48
standby command switch
configuring
considerations 5-11
defined 5-2
priority 5-10
requirements 5-3
virtual IP address 5-11
See also cluster standby group and HSRP
standby group, cluster
See cluster standby group and HSRP
standby ip command 39-5
standby links 20-2
standby router 39-1
standby timers, HSRP 39-10
startup configuration
booting
manually 3-13
specific image 3-14
clearing B-19
configuration file
automatically downloading 3-12
specifying the filename 3-12
default boot configuration 3-12
stateless autoconfiguration 36-5
static access ports
assigning to VLAN 12-11
defined 10-3, 12-3
static addresses
See addresses
static IP routing 1-10
static MAC addressing 1-7
static routes
configuring 35-74
configuring for IPv6 36-15
static routing 35-3
static VLAN membership 12-2
statistics
802.1x 9-44
CDP 25-4
interface 10-28
IP multicast routing 41-52
LLDP 26-7
LLDP-MED 26-7
OSPF 35-32
QoS ingress and egress 33-79
RMON group Ethernet 29-5
RMON group history 29-5
SNMP input and output 31-17
VTP 13-16
sticky learning 24-9
storm control
configuring 24-3
described 24-1
disabling 24-5
displaying 24-19
support for 1-3
thresholds 24-1
STP
accelerating root port selection 19-4
BackboneFast
described 19-5
disabling 19-14
enabling 19-13
BPDU filtering
described 19-3
disabling 19-12
enabling 19-12
BPDU guard
described 19-2
disabling 19-12
enabling 19-11
BPDU message exchange 17-3
configuration guidelines 17-12, 19-10
configuring
forward-delay time 17-21
hello time 17-20
maximum aging time 17-21
path cost 17-18
port priority 17-17
root switch 17-14
secondary root switch 17-16
spanning-tree mode 17-13
switch priority 17-19
transmit hold-count 17-22
counters, clearing 17-22
default configuration 17-11
default optional feature configuration 19-9
designated port, defined 17-3
designated switch, defined 17-3
detecting indirect link failures 19-5
disabling 17-14
displaying status 17-22
EtherChannel guard
described 19-7
disabling 19-14
enabling 19-14
extended system ID
effects on root switch 17-14
effects on the secondary root switch 17-16
overview 17-4
unexpected behavior 17-15
features supported 1-6
IEEE 802.1D and bridge ID 17-4
IEEE 802.1D and multicast addresses 17-8
IEEE 802.1t and VLAN identifier 17-4
inferior BPDU 17-3
instances supported 17-9
interface state, blocking to forwarding 19-2
interface states
blocking 17-6
disabled 17-7
forwarding 17-5, 17-6
learning 17-6
listening 17-6
overview 17-4
interoperability and compatibility among modes 17-10
keepalive messages 17-2
Layer 2 protocol tunneling 16-8
limitations with IEEE 802.1Q trunks 17-10
load sharing
overview 12-24
using path costs 12-26
using port priorities 12-24
loop guard
described 19-9
enabling 19-15
modes supported 17-9
multicast addresses, effect of 17-8
optional features supported 1-6
overview 17-2
path costs 12-26
Port Fast
described 19-2
enabling 19-10
port priorities 12-25
preventing root switch selection 19-8
protocols supported 17-9
redundant connectivity 17-8
root guard
described 19-8
enabling 19-15
root port, defined 17-3
root switch
configuring 17-15
effects of extended system ID 17-4, 17-14
election 17-3
unexpected behavior 17-15
shutdown Port Fast-enabled port 19-2
status, displaying 17-22
superior BPDU 17-3
timers, described 17-20
UplinkFast
described 19-3
enabling 19-13
VLAN-bridge 17-10
stratum, NTP 6-2
stub areas, OSPF 35-28
stub routing, EIGRP 35-39
subdomains, private VLAN 14-1
subnet mask 35-5
subnet zero 35-6
success response, VMPS 12-28
summer time 6-13
SunNet Manager 1-4
supernet 35-6
SVIs
and IP unicast routing 35-3
and router ACLs 32-4
connecting VLANs 10-9
defined 10-5
routing between VLANs 12-2
switch clustering technology 5-1
See also clusters, switch
switch console port 1-5
Switch Database Management
See SDM
switched packets, ACLs on 32-37
Switched Port Analyzer
See SPAN
switched ports 10-2
switchport block multicast command 24-7
switchport block unicast command 24-7
switchport command 10-14
switchport mode dot1q-tunnel command 16-6
switchport protected command 24-6
switch priority
MSTP 18-21
STP 17-19
switch software features 1-1
switch virtual interface
See SVI
synchronization, BGP 35-45
syslog
See system message logging
system clock
configuring
daylight saving time 6-13
manually 6-11
summer time 6-13
time zones 6-12
displaying the time and date 6-12
overview 6-1
See also NTP
system message logging
default configuration 30-3
defining error message severity levels 30-8
disabling 30-4
displaying the configuration 30-13
enabling 30-4
facility keywords, described 30-13
level keywords, described 30-9
limiting messages 30-9
message format 30-2
overview 30-1
sequence numbers, enabling and disabling 30-7
setting the display destination device 30-4
synchronizing log messages 30-5
syslog facility 1-12
time stamps, enabling and disabling 30-7
UNIX syslog servers
configuring the daemon 30-11
configuring the logging facility 30-12
facilities supported 30-13
system MTU and IEEE 802.1Q tunneling 16-5
system name
default configuration 6-15
default setting 6-15
manual configuration 6-15
See also DNS
system prompt, default setting 6-14, 6-15
system resources, optimizing 7-1
T
TACACS+
accounting, defined 8-11
authentication, defined 8-11
authorization, defined 8-11
configuring
accounting 8-17
authentication key 8-13
authorization 8-16
login authentication 8-14
default configuration 8-13
displaying the configuration 8-17
identifying the server 8-13
in clusters 5-14
limiting the services to the user 8-16
operation of 8-12
overview 8-10
support for 1-9
tracking services accessed by user 8-17
tagged packets
IEEE 802.1Q 16-3
Layer 2 protocol 16-8
tar files
creating B-6
displaying the contents of B-6
extracting B-7
image file format B-20
TDR 1-12
Telnet
accessing management interfaces 2-10
number of connections 1-5
setting a password 8-6
templates, SDM 7-1
temporary self-signed certificate 8-43
Terminal Access Controller Access Control System Plus
See TACACS+
terminal lines, setting a password 8-6
TFTP
configuration files
downloading B-11
preparing the server B-10
uploading B-11
configuration files in base directory 3-6
configuring for autoconfiguration 3-6
image files
deleting B-23
downloading B-22
preparing the server B-22
uploading B-24
limiting access by servers 31-16
TFTP server 1-5
threshold, traffic level 24-2
time
See NTP and system clock
Time Domain Reflector
See TDR
time-range command 32-16
time ranges in ACLs 32-16
time stamps in log messages 30-7
time zones 6-12
TLVs
defined 26-2
LLDP 26-2
LLDP-MED 26-2
Token Ring VLANs
support for 12-6
VTP support 13-4
ToS 1-9
traceroute, Layer 2
and ARP 44-16
and CDP 44-15
broadcast traffic 44-15
described 44-15
IP addresses and subnets 44-16
MAC addresses and VLANs 44-15
multicast traffic 44-15
multiple devices on a port 44-16
unicast traffic 44-15
usage guidelines 44-15
traceroute command 44-17
See also IP traceroute
tracked lists
configuring 39-14
types 39-14
tracked objects
by Boolean expression 39-14
by threshold percentage 39-16
by threshold weight 39-15
tracking interface line-protocol state 39-13
tracking IP routing state 39-13
tracking objects 39-13
tracking process 39-12
traffic
blocking flooded 24-7
fragmented 32-5
fragmented IPv6 38-2
unfragmented 32-5
traffic policing 1-9
traffic suppression 24-1
transmit hold-count
see STP
transparent mode, VTP 13-3, 13-12
trap-door mechanism 3-2
traps
configuring MAC address notification 6-22
configuring managers 31-12
defined 31-3
enabling 6-22, 31-12
notification types 31-12
overview 31-1, 31-5
troubleshooting
connectivity problems 44-13, 44-15, 44-16
detecting unidirectional links 27-1
displaying crash information 44-23
PIMv1 and PIMv2 interoperability problems 41-25
setting packet forwarding 44-20
SFP security and identification 44-12
show forward command 44-20
with CiscoWorks 31-4
with debug commands 44-19
with ping 44-13
with system message logging 30-1
with traceroute 44-16
trunk failover
See link-state tracking
trunking encapsulation 1-7
trunk ports
configuring 12-20
defined 10-3, 12-3
encapsulation 12-20, 12-25, 12-26
trunks
allowed-VLAN list 12-21
configuring 12-20, 12-25, 12-26
ISL 12-16
load sharing
setting STP path costs 12-26
using STP port priorities 12-24, 12-25
native VLAN for untagged traffic 12-23
parallel 12-26
pruning-eligible list 12-22
to non-DTP device 12-17
trusted boundary for QoS 33-39
trusted port states
between QoS domains 33-41
classification options 33-5
ensuring port security for IP phones 33-39
support for 1-9
within a QoS domain 33-36
trustpoints, CA 8-42
tunneling
defined 16-1
IEEE 802.1Q 16-1
Layer 2 protocol 16-8
tunnel ports
defined 12-4
described 10-4, 16-1
IEEE 802.1Q, configuring 16-6
incompatibilities with other features 16-6
twisted-pair Ethernet, detecting unidirectional links 27-1
type of service
See ToS
U
UDLD
configuration guidelines 27-4
default configuration 27-4
disabling
globally 27-5
on fiber-optic interfaces 27-5
per interface 27-5
echoing detection mechanism 27-2
enabling
globally 27-5
per interface 27-5
Layer 2 protocol tunneling 16-10
link-detection mechanism 27-1
neighbor database 27-2
overview 27-1
resetting an interface 27-6
status, displaying 27-6
support for 1-6
UDP, configuring 35-15
unauthorized ports with IEEE 802.1x 9-7
unicast MAC address filtering 1-5
and adding static addresses 6-25
and broadcast MAC addresses 6-25
and CPU packets 6-25
and multicast addresses 6-25
and router MAC addresses 6-25
configuration guidelines 6-25
described 6-25
unicast storm 24-1
unicast storm control command 24-4
unicast traffic, blocking 24-7
UniDirectional Link Detection protocol
See UDLD
UNIX syslog servers
daemon configuration 30-11
facilities supported 30-13
message logging configuration 30-12
unrecognized Type-Length-Value (TLV) support 13-4
upgrading information
See release notes
upgrading software images
See downloading
UplinkFast
described 19-3
disabling 19-13
enabling 19-13
support for 1-6
uploading
configuration files
preparing B-10, B-13, B-16
reasons for B-8
using FTP B-14
using RCP B-18
using TFTP B-11
image files
preparing B-22, B-25, B-29
reasons for B-20
using FTP B-28
using RCP B-32
using TFTP B-24
User Datagram Protocol
See UDP
user EXEC mode 2-2
username-based authentication 8-6
V
version-dependent transparent mode 13-4
virtual IP address
cluster standby group 5-11
command switch 5-11
Virtual Private Network
See VPN
virtual router 39-1, 39-2
vlan.dat file 12-5
VLAN 1, disabling on a trunk port 12-22
VLAN 1 minimization 12-21
VLAN ACLs
See VLAN maps
vlan-assignment response, VMPS 12-28
VLAN configuration
at bootup 12-8
saving 12-8
VLAN configuration mode 2-2, 12-7
VLAN database
and startup configuration file 12-8
and VTP 13-1
VLAN configuration saved in 12-7
VLANs saved in 12-4
vlan database command 12-7
vlan dot1q tag native command 16-5
VLAN filtering and SPAN 28-6
vlan global configuration command 12-7
VLAN ID, discovering 6-26
VLAN load balancing on flex links 20-2
configuration guidelines 20-5
VLAN management domain 13-2
VLAN Management Policy Server
See VMPS
VLAN map entries, order of 32-29
VLAN maps
applying 32-33
common uses for 32-33
configuration guidelines 32-29
configuring 32-28
creating 32-30
defined 32-2
denying access to a server example 32-35
denying and permitting packets 32-30
displaying 32-40
examples of ACLs and VLAN maps 32-31
removing 32-33
support for 1-8
wiring closet configuration example 32-34
VLAN membership
confirming 12-31
modes 12-3
VLAN Query Protocol
See VQP
VLANs
adding 12-9
adding to VLAN database 12-9
aging dynamic addresses 17-9
allowed on trunk 12-21
and spanning-tree instances 12-3, 12-6, 12-13
configuration guidelines, extended-range VLANs 12-13
configuration guidelines, normal-range VLANs 12-6
configuration options 12-7
configuring 12-1
configuring IDs 1006 to 4094 12-13
connecting through SVIs 10-9
creating in config-vlan mode 12-9
creating in VLAN configuration mode 12-10
customer numbering in service-provider networks 16-3
default configuration 12-8
deleting 12-10
described 10-2, 12-1
displaying 12-16
extended-range 12-1, 12-12
features 1-7
illustrated 12-2
internal 12-13
limiting source traffic with RSPAN 28-22
limiting source traffic with SPAN 28-14
modifying 12-9
multicast 23-17
native, configuring 12-23
normal-range 12-1, 12-4
number supported 1-7
parameters 12-5
port membership modes 12-3
static-access ports 12-11
STP and IEEE 802.1Q trunks 17-10
supported 12-2
Token Ring 12-6
traffic between 12-2
VLAN-bridge STP 17-10, 43-2
VTP modes 13-3
VLAN Trunking Protocol
See VTP
VLAN trunks 12-16
VMPS
administering 12-32
configuration example 12-33
configuration guidelines 12-29
default configuration 12-29
description 12-27
dynamic port membership
described 12-28
reconfirming 12-31
troubleshooting 12-33
entering server address 12-30
mapping MAC addresses to VLANs 12-28
monitoring 12-32
reconfirmation interval, changing 12-31
reconfirming membership 12-31
retry count, changing 12-32
voice-over-IP 15-1
voice VLAN
Cisco 7960 phone, port connections 15-1
configuration guidelines 15-3
configuring IP phones for data traffic
override CoS of incoming frame 15-6
trust CoS priority of incoming frame 15-6
configuring ports for voice traffic in
802.1p priority tagged frames 15-5
802.1Q frames 15-5
connecting to an IP phone 15-4
default configuration 15-3
described 15-1
displaying 15-7
IP phone data traffic, described 15-2
IP phone voice traffic, described 15-2
VPN
configuring routing in 35-66
forwarding 35-64
in service provider networks 35-61
routes 35-62
VPN routing and forwarding table
See VRF
VQP 1-7, 12-27
VRF
defining 35-63
tables 35-61
VTP
adding a client to a domain 13-14
advertisements 12-19, 13-3
and extended-range VLANs 13-1
and normal-range VLANs 13-1
client mode, configuring 13-11
configuration
global configuration mode 13-7
guidelines 13-8
privileged EXEC mode 13-7
requirements 13-9
saving 13-7
VLAN configuration mode 13-7
configuration mode options 13-7
configuration requirements 13-9
configuration revision number
guideline 13-14
resetting 13-15
configuring
client mode 13-11
server mode 13-9
transparent mode 13-12
consistency checks 13-4
default configuration 13-6
described 13-1
disabling 13-12
domain names 13-8
domains 13-2
Layer 2 protocol tunneling 16-8
modes
client 13-3, 13-11
server 13-3, 13-9
transitions 13-3
transparent 13-3, 13-12
monitoring 13-16
passwords 13-8
pruning
disabling 13-14
enabling 13-14
examples 13-5
overview 13-4
support for 1-7
pruning-eligible list, changing 12-22
server mode, configuring 13-9
statistics 13-16
support for 1-7
Token Ring support 13-4
transparent mode, configuring 13-12
using 13-1
version, guidelines 13-8
Version 1 13-4
Version 2
configuration guidelines 13-8
disabling 13-13
enabling 13-13
overview 13-4
W
WCCP
authentication 40-3
configuration guidelines 40-5
default configuration 40-5
described 40-1
displaying 40-9
dynamic service groups 40-3
enabling 40-6
features unsupported 40-4
forwarding method 40-3
Layer-2 header rewrite 40-3
MD5 security 40-3
message exchange 40-2
monitoring and maintaining 40-9
negotiation 40-3
packet redirection 40-3
packet-return method 40-3
redirecting traffic received from a client 40-6
setting the password 40-6
unsupported WCCPv2 features 40-4
web authentication
configuring9-41to 9-43
described 1-7, 9-20
fallback for IEEE 802.1x 9-42
Web Cache Communication Protocol
See WCCP
weighted tail drop
See WTD
weight thresholds in tracked lists 39-15
wizards 1-3
WTD
described 33-13
setting thresholds
egress queue-sets 33-72
ingress queues 33-68
support for 1-10
X
Xmodem protocol 44-2